CVE-2008-4253
First published: Wed Dec 10 2008(Updated: )
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office FrontPage | =2002-sp3 | |
| Microsoft Project 2013 | =2003-sp3 | |
| Microsoft Project 2013 | =2007 | |
| Microsoft Project 2013 | =2007-sp1 | |
| Microsoft Visual Basic SDK | =6.0 | |
| Microsoft Visual FoxPro | =8.0-sp1 | |
| Microsoft Visual FoxPro | =9.0-sp1 | |
| Microsoft Visual FoxPro | =9.0-sp2 | |
| Microsoft Visual Studio | =2002-sp1 | |
| Microsoft Visual Studio | =2003-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html
- http://www.securitytracker.com/id?1021369
- http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
- http://www.securityfocus.com/bid/32592
- http://www.vupen.com/english/advisories/2008/3382
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5994
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
Frequently Asked Questions
What is the severity of CVE-2008-4253?
CVE-2008-4253 is considered critical due to its ability to allow remote code execution.
How do I fix CVE-2008-4253?
To fix CVE-2008-4253, ensure that you apply the latest security updates provided by Microsoft for affected software versions.
Which software is affected by CVE-2008-4253?
CVE-2008-4253 affects Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1, 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3.
What type of vulnerability is CVE-2008-4253?
CVE-2008-4253 is a remote code execution vulnerability caused by improper error handling in ActiveX controls.
Can exploitation of CVE-2008-4253 be prevented?
Exploitation of CVE-2008-4253 can be mitigated by disabling the ActiveX controls associated with the affected software or applying security patches.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft office frontpage
- version/microsoft office frontpage/2002-sp3
- canonical/microsoft project 2013
- version/microsoft project 2013/2003-sp3
- version/microsoft project 2013/2007
- version/microsoft project 2013/2007-sp1
- canonical/microsoft visual basic sdk
- version/microsoft visual basic sdk/6.0
- canonical/microsoft visual foxpro
- version/microsoft visual foxpro/8.0-sp1
- version/microsoft visual foxpro/9.0-sp1
- version/microsoft visual foxpro/9.0-sp2
- canonical/microsoft visual studio
- version/microsoft visual studio/2002-sp1
- version/microsoft visual studio/2003-sp1